
My NixOS systems configurations.

nix-binary-cache.nix (3346B)


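      # NixOS module: an nginx virtual host that serves /var/public-nix-cache as a
      # Nix binary cache and, on a local 404, proxies the request to
      # https://cache.nixos.org and caches the answer.
      #
      # Nothing in this module signs or verifies store paths. Clients still have to
      # check narinfo signatures themselves (nix.conf `require-sigs` and
      # `trusted-public-keys`); `nix-cache-info` carries no signature at all.
      { config, lib, pkgs, ... }:

      with lib;
      let
        cfg = config.services.nix-binary-cache;

        # Settings shared by the "@fallback" and "= /nix-cache-info" locations,
        # kept in one place so the two cannot drift apart.
        upstreamLocation = {
          proxyPass = "$upstream_endpoint";
          extraConfig = ''
            proxy_cache cachecache;
            proxy_cache_valid  200 302  60m;
            expires max;
            add_header Cache-Control $cache_header always;
          '';
        };
      in
      {
        options = {
          services.nix-binary-cache = {
            # mkEnableOption prepends "Whether to enable", so only the name goes here.
            enable = mkEnableOption "nix-binary-cache";
            domain = mkOption {
              description = "domain to serve";
              type = types.str;
            };
            aliases = mkOption {
              default = [ ];
              description = "server aliases to serve";
              type = types.listOf types.str;
            };
          };
        };
        config = mkIf cfg.enable {
          # NOTE(review): 443 is opened, but the virtual host below sets no TLS
          # option (enableACME is commented out), so as far as this file shows the
          # cache is reachable over plain HTTP on port 80 only.
          networking.firewall.allowedTCPPorts = [ 80 443 ];
          # Lets the nginx unit write the proxy cache under /var/public-nix-cache.
          systemd.services.nginx.serviceConfig.ReadWritePaths = [ "/var/public-nix-cache" ];
          services.nginx = {
            enable = true;
            # NOTE(review): proxy_cache_path is the same directory that location "/"
            # serves as `root`, so nginx's on-disk cache entries are also reachable
            # as static files. A separate cache directory would avoid that; it is
            # left in place here because moving it discards the existing cache.
            # NOTE(review): keys_zone is sized 1200m; nginx documents roughly 8000
            # keys per megabyte, so confirm this is intended and not 120m/100m.
            appendHttpConfig = ''
              proxy_cache_path /var/public-nix-cache/ levels=1:2 keys_zone=cachecache:1200m max_size=20g inactive=365d use_temp_path=off;
              # Cache only success status codes; in particular we don't want to cache 404s.
              # See https://serverfault.com/a/690258/128321
              map $status $cache_header {
                200     "public";
                302     "public";
                default "no-cache";
              }
              # The log lives outside /var/public-nix-cache: that directory is the
              # document root of location "/", so a log written there could be
              # downloaded by any client as /access.log (client addresses and
              # requested store paths). /var/log/nginx is the directory the NixOS
              # nginx service already logs to.
              access_log /var/log/nginx/nix-binary-cache-access.log;
            '';
            virtualHosts."${cfg.domain}" = {
              serverAliases = cfg.aliases;
              # enableACME = true;

              # Local store paths are served straight from disk; anything missing
              # is handed to @fallback.
              locations."/" = {
                root = "/var/public-nix-cache/";
                extraConfig = ''
                  expires max;
                  add_header Cache-Control $cache_header always;
                  # Ask the upstream server if a file isn't available locally
                  error_page 404 = @fallback;
                '';
              };
              extraConfig = ''
                # Using a variable for the upstream endpoint to ensure that it is
                # resolved at runtime as opposed to once when the config file is loaded
                # and then cached forever (we don't want that):
                # see https://tenzer.dk/nginx-with-dynamic-upstreams/
                # This fixes errors like
                #   nginx: [emerg] host not found in upstream "upstream.example.com"
                # when the upstream host is not reachable for a short time when
                # nginx is started.
                #
                # NOTE(review): 8.8.8.8 is queried over plain DNS from this host;
                # nginx's documentation recommends a resolver on a trusted local
                # network to prevent spoofed answers.
                resolver 8.8.8.8;
                set $upstream_endpoint https://cache.nixos.org;
                # proxy_ssl_verify defaults to off, i.e. nginx would accept any
                # certificate from whatever address the resolver returned and then
                # store the response in the cache. Verify the upstream against the
                # system CA bundle and send SNI so the right certificate is offered.
                proxy_ssl_server_name on;
                proxy_ssl_verify on;
                proxy_ssl_verify_depth 2;
                proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;
              '';
              locations."@fallback" = upstreamLocation;
              # We always want to copy cache.nixos.org's nix-cache-info file,
              # and ignore our own, because `nix-push` by default generates one
              # without `Priority` field, and thus that file by default has priority
              # 50 (compared to cache.nixos.org's `Priority: 40`), which will make
              # download clients prefer `cache.nixos.org` over our binary cache.
              locations."= /nix-cache-info" = upstreamLocation;
            };
          };
        };
      }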